On Tue Apr 1, 2025 at 3:51 PM CEST, Danilo Krummrich wrote:
> On Mon, Mar 24, 2025 at 06:32:53PM +0000, Benno Lossin wrote:
>> On Mon Mar 24, 2025 at 7:13 PM CET, Danilo Krummrich wrote:
>> > On Mon, Mar 24, 2025 at 05:36:45PM +0000, Benno Lossin wrote:
>> >> On Mon Mar 24, 2025 at 5:49 PM CET, Danilo Krummrich wrote:
>> >> > On Mon, Mar 24, 2025 at 04:39:25PM +0000, Benno Lossin wrote:
>> >> >> On Sun Mar 23, 2025 at 11:10 PM CET, Danilo Krummrich wrote:
>> >> >> > On Sat, Mar 22, 2025 at 11:10:57AM +0100, Danilo Krummrich wrote:
>> >> >> >> On Fri, Mar 21, 2025 at 08:25:07PM -0700, Greg KH wrote:
>> >> >> >> > Along these lines, if you can convince me that this is something that we
>> >> >> >> > really should be doing, in that we should always be checking every time
>> >> >> >> > someone would want to call to_pci_dev(), that the return value is
>> >> >> >> > checked, then why don't we also do this in C if it's going to be
>> >> >> >> > something to assure people it is going to be correct? I don't want to
>> >> >> >> > see the rust and C sides get "out of sync" here for things that can be
>> >> >> >> > kept in sync, as that reduces the mental load of all of us as we travers
>> >> >> >> > across the boundry for the next 20+ years.
>> >> >> >>
>> >> >> >> I think in this case it is good when the C and Rust side get a bit
>> >> >> >> "out of sync":
>> >> >> >
>> >> >> > A bit more clarification on this:
>> >> >> >
>> >> >> > What I want to say with this is, since we can cover a lot of the common cases
>> >> >> > through abstractions and the type system, we're left with the not so common
>> >> >> > ones, where the "upcasts" are not made in the context of common and well
>> >> >> > established patterns, but, for instance, depend on the semantics of the driver;
>> >> >> > those should not be unsafe IMHO.
>> >> >>
>> >> >> I don't think that we should use `TryFrom` for stuff that should only be
>> >> >> used seldomly. A function that we can document properly is a much better
>> >> >> fit, since we can point users to the "correct" API.
>> >> >
>> >> > Most of the cases where drivers would do this conversion should be covered by
>> >> > the abstraction to already provide that actual bus specific device, rather than
>> >> > a generic one or some priv pointer, etc.
>> >> >
>> >> > So, the point is that the APIs we design won't leave drivers with a reason to
>> >> > make this conversion in the first place. For the cases where they have to
>> >> > (which should be rare), it's the right thing to do. There is not an alternative
>> >> > API to point to.
>> >>
>> >> Yes, but for such a case, I wouldn't want to use `TryFrom`, since that
>> >> trait to me is a sign of a canonical way to convert a value.
>> >
>> > Well, it is the canonical way to convert, it's just that by the design of other
>> > abstractions drivers should very rarely get in the situation of needing it in
>> > the first place.
>>
>> I'd still prefer it though, since one can spot a
>>
>> let dev = CustomDevice::checked_from(dev)?
>>
>> much better in review than the `try_from` conversion. It also prevents
>> one from giving it to a generic interface expecting the `TryFrom` trait.
>
> (I plan to rebase this on my series introducing the Bound device context [1].)
>
> I thought about this for a while and I still think TryFrom is fine here.
What reasoning do you have?
> At some point I want to replace this implementation with a macro, since the code
> is pretty similar for bus specific devices. I think that's a bit cleaner with
> TryFrom compared to with a custom method, since we'd need the bus specific
> device to call the macro from the generic impl, i.e.
>
> impl<Ctx: DeviceContext> Device<Ctx>
>
> rather than a specific one, which we can't control. We can control it for
> TryFrom though.
We could have our own trait for that. Also it's not as controllable as
you think: anyone can implement `TryFrom<&device::Device> for &MyType`.
> However, I also do not really object to your proposal, hence I'm willing to make
> the change.
>
> Do you want to make a proposal for the corresponding doc comment switching to a
> custom method?
I think have too little context what `device::Device` and `pci::Device`
are. But I can give it a try:
/// Tries to converts a generic [`Device`](device::Device) into a [`pci::Device`].
///
/// Normally, one wouldn't need to call this function, because APIs should directly expose the
/// concrete device type.
Then I think another sentence about a valid use-case of this function
would make a lot of sense, but I don't know any.
---
Cheers,
Benno
